BlueEars wrote:You will see conflicting advice on this, I fear. ...
Indeed. I'm afraid I'm about to give some right now.
BlueEars wrote:... My opinion, only deal with the minimum number of institutions you can get down to. ...
There's the conflict.
You've received great advice in answer to your question on preventing access and theft, and I take most of those precautions myself. I'd like to add some points about limiting damage in the event your security is compromised anyway.
Although I don't say anyone should excessively proliferate accounts, I make a point of keeping deposits, borrowings, and investments at separate institutions.
My reasoning is it would be easiest for a thief to steal my checking account or credit card numbers. Therefore I do what I can to limit how much they might be able to take, even if eventually I would be reimbursed.
I have my checking account at an online bank, and I like to keep a savings account next to it to avoid any temporary liquidity issues. Like you I keep little in checking. I do have the accounts linked for overdraft protection. The way I minimize danger is to keep my balances there strictly limited, so the most anyone could steal is not very much. This bank offers two-factor authentication, so its is the only financial website I ordinarily access while traveling. That protects me from key loggers. I am still vulnerable to man-in-the-middle attacks, so there are no links to other accounts where I have assets. For good measure, I also maintain a secondary no-fee checking account at a small local brick-and-mortar thrift. Such local financial institutions have their own advantages.
My CDs and main savings account are at another, higher yielding bank where I have no transaction account to be compromised. From it I can transfer funds to checking, which takes three business days.
My credit cards are elsewhere, because sometimes in the event of a dispute a credit card issuer can seize money from deposit accounts one holds with them. I've never been in a dispute, but this way they would have to use formal legal process to access my assets.
My non-CD investments are at Vanguard, Treasury Direct, and a 401(k) provider. Vanguard and TD know my checking account number, but as said by others, what could anybody do but sell my assets and send the proceeds to me? One can also instruct Vanguard in writing to disallow any transfers out. You can still transfer in, and rebalance within your accounts. To rescind the order takes another letter. Transfers from my 401(k) can only be made via signed pieces of physical paper.
Operationally, I log in to each account weekly. While I'm there I click my mouse a few extra times to be sure nobody changed my address or phone number, and that there are no new linked accounts. I know someone who says such tasks should be the vendor's responsibility, not mine, but who is more motivated to protect my assets than I?
Hope that helps.
[Edited twice to correct the incorrect "into" into the correct "in to." Gargh!